context-aware access control model for services...
TRANSCRIPT
Ichiro Satoh
Context-Aware Access Control Model for Services Provided from
Cloud Computing
Ichiro Satoh Researcher, National Institute of Informatics /
The chairman of working group for technical issues on personal data, the Cabinet Secretariat of Japan
E-mail: [email protected]
Ichiro Satoh
Outline
n Motivation n Problem statement n Requirements n Design and Implementation n Evaluation n Conclusion A framework to enable context-aware services in mobile and pervasive computing to be provided from cloud computing. It can bridge a gap between context-based access control model and role-based access control model used in commercial cloud computing platforms.
Ichiro Satoh
Introduction
n Context-aware services tend to be used in pervasive computing settings n Such computers have limited computational resources. n Context-aware services themselves are often provided
from cloud computing. n The final goal is to support city-level context-aware
systems with a large number of users for multiple purpose on IoT infrastructures
n However, access control models for context-aware services and in cloud computing are different. n The purpose of this work is to bridge gaps between
context-aware models in context-aware services and cloud computing.
Ichiro Satoh
Background n Our projects had many experiments on context-aware services in
the real world, e.g., shopping malls and museums. n For example, our context-aware visitor navigation services
had been used in several museums, e.g., national science museum of Japan
n The services supported annotations about exhibits according to visitors’ context and behaviors in the museums.
n Services were provided from cloud computing platforms in addition to local pervasive or mobile computers.
Ichiro Satoh
Introduction
n Context-aware services tend to be used in pervasive computing settings n Such computers have limited computational resources. n Context-aware services themselves are often provided
from cloud computing. n The final goal is to support city-level context-aware
systems with a large number of users for multiple purpose on IoT infrastructures
n However, access control models for context-aware services and in cloud computing are different. n The main contribution of this work is to bridge gaps
between context-aware models in context-aware services and cloud computing.
Ichiro Satoh
Gap Between Access Control Models
n When services are provided from cloud computing, there are gaps between security mechanisms, e.g., access control models, in pervasive computing in cloud computing.
n In context-aware computing: n Access controls based on context or subject in the real world
n In cloud computing: n Mandatory access control (MAC), discretionary access
control (DAC), and role-based access control (RBAC)
n There is mismatches between access control models in pervasive computing and cloud computing.
Our goal is to bridge gaps between them.
Pervasive computers
Access model
Context-aware Service
Cloud computing infrastructures
Access model
Context-aware Service
Provision
Ichiro Satoh
Access Control Models in Cloud n Most commercial cloud computing platforms support
conventional access control models, e.g., Mandatory access control (MAC), discretionary access control (DAC), and role-based access control (RBAC)
Individuals Roles Resources
n For example, role-based access control (RBAC). n A user has access to resources according to his/her assigned role. n Roles are defined based on job functions. n Permissions are defined based on job authority and responsibilities
within a job function.
Such models may be useful in server-sides, but in pervasive computing context-aware access control models are needed.
Ichiro Satoh
Context-based Access Model
n In context-aware services, permissions should be associated with contexts, and subsequently subjects are associated with the contexts they are currently operating in.
Room 1 Room 2Device
User A User B
Floor
Example scenarios: n Only while a user is in the
room, his/her smart phone should have the capability to control the devices in the room.
n Anyone who are not in the room should not. n Administrators should have the capability of managing devices in
the house (subject-based AC)
OK
Ichiro Satoh
Connecting Context-centric AC to Role-based AC n When services are provided from cloud computing, context-
aware services need to be managed based on the access control supported in cloud computing, e.g., RBAC.
Context Roles Resources
Room 2
Room 1
Home
n Our framework maps from contexts to roles. n It needs to access only the targets according to context.
Room 2
Room 1
Room 1
Home
Ichiro Satoh
Approach n To support context-based access control, our approach introduces a world
model to represent contexts in the real world and to connect between pervasive computers and services provided from cloud computing.
n The model consists of counterparts as representations of their targets, e.g., person, objects, and spaces, in the real model.
n The model supports a context-aware service broker to find and invoke services support in cloud computing, which is managed in RBAC and so on.
n Subject-based access control in pervasive computing is supported by using Cloud’s RBAC
Room 2 Room 1
counterpart Room 2
counterpart
Floor counterpart
Terminal Counter-
part
Light Counter-
part
Room 1
Light Counter-
part
RBAC
Light service
Light service
Roles
World Model Cloud computing
Real world
Ichiro Satoh
World Model n Counterparts are representatives of their targets and programmable entities
and used as proxies to access cloud services on behalf of the targets n They are structurally organized according to containment relationships
between them by using several location-sensing systems. n e.g., Active RFID, WiFi-based TDoA locating systems
n The model manages location-based access control. n Each counterpart can access the services that are coupled with its
neighboring and descendant counterparts via the model.
Building
Floor Floor
Room Room
User B User A Computer Computer
Location Sensing System
World Model
Application-specific Services
Real World
The author is a member of ISO SC31 (for RFID and real-time locating systems)
Ichiro Satoh
Connection between Context-Aware AC and Cloud’s AC Models
n Services in cloud are loosely coupled to the counterparts of their targets, e.g., users’ smartphones and appliances
n The framework abstract away differences in access control models used in cloud computing, e.g., RBAC, DAC, and MAC
n It enables pervasive devices to indirectly interact with services via their counterparts organized in a tree structure based on the containment relationships between people, devices, and spaces.
Room
Light service
Light service
Roles
Terminal Counter-
part
Light Counter-
part
Response (The target’s favorite protocol)
Request (The target’s favorite protocol)
Request (inter-counterparts)
Response
Request
Room counterpart Cloud computing World Model
Providing information for RBAC
Service broker
Ichiro Satoh
Experiment n When a user moves to an exhibit in a museum, it automatically presents
annotations at computers close to the exhibit in a museum with RFID. n Services provided from MS Azure (under RBAC) could be controlled
according to users’ context.
Sensor (RFID reader)
Sensor (RFID reader)
Sensor (RFID reader)
Cloud (Microsoft Azure)
In the experiment at the Museum of Nature and Human Activities (Hyogo, Japan) for a month.
Annotation service 1
Annotation service 2
Administration service 3
The proposed framework
RFID tag
The author is a member of ISO SC31 (for RFID and real-time locating systems)
Ichiro Satoh
Lesson Learns from Experiencesn Sensing errors
n Sensing and computing systems are not perfect. n There is no perfect solution, but n The framework could inform such errors to context-
aware services, administrators, and users. n User-conflicts
n The framework could explicitly inform services when detecting multiple users beyond services’ assumptions.
Ichiro Satoh
Conclusion
n A framework could bridge a gap between access control models in context-aware services and cloud computing. n It could abstract away access control models in commercial
cloud computing platforms and be independent of implementations of services in cloud.
n This mismatches are general when providing context-aware services from cloud computing.
n Future work. n The current implementation was a little ad-hoc because its
original purpose was to construct a practical (and ad-hoc) system used in an experiment in the real world.
n We plan to reconstruct the framework as an academic prototype system.